Share via

Interpreting LDAP nslookup output

Aaron 1 Reputation point
2021-04-20T05:17:26.177+00:00 
C:\Users\myuser1>nslookup
Default Server:  ns-xxx.xxxx.com
Address:  1xx.xx.x.x

> set types=all

> _ldap._tcp

Server:  ns-xxx.xxxx.com
Address:  1xx.xx.x.x

Non-authoritative answer:
_ldap._tcp.Tech.xyz.com   SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = SRV82.Tech.xyz.com
_ldap._tcp.Tech.xyz.com   SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = SRV61.Tech.xyz.com
_ldap._tcp.Tech.xyz.com   SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = SRV62.Tech.xyz.com
_ldap._tcp.Tech.xyz.com   SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = SRV41.Tech.xyz.com
_ldap._tcp.Tech.xyz.com   SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = SRV42.Tech.xyz.com
_ldap._tcp.Tech.xyz.com   SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = SRV43.Tech.xyz.com
_ldap._tcp.Tech.xyz.com   SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = SRV44.Tech.xyz.com
.
.
.
.

This command is executed on my windows pc, which is a domain user of the domain that I am trying to find its LDAP server..

are those servers(srv82, srv61, ...) replicants/clones? so they all LDAP servers?

if that's the case, there must be a server(primary server) with a different domain name that load balances randomly the LDAP requests over these guys?! and idk if there is a particular command for finding that as well...?!

Thanks :)

Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,439 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,253 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vicky Wang 2,646 Reputation points
    2021-04-20T07:51:24.207+00:00

    Hi Aaron,
    Thank you for posting in our forum
    When the communication is initiated, the selected Domain Controller will check that the client computer belongs to its Active Directory site. This is done by comparing the IP address of the client computers with Active Directory configured sites and subnets. Here, there will be two possible scenarios:
    • The Windows computer and the selected Domain Controller belong to the same Active Directory site: In this situation, the following will happen:
    o The selected Domain Controller provides the client computer with the site name
    89442-capture1.png

    • The Windows computer caches the name of its AD site and the name of the used Domain Controller. The selected Domain Controller will be used as long as it is available. The Windows computer no longer needs to re-do the localization process each time it needs to communicate with a Domain Controller.
    • The Windows computer and the selected Domain Controller do not belong to the same Active Directory site: In this situation, the following will happen:
    • The selected Domain Controller provides the client computer with the site name and informs it that it is not the closest Domain Controller

    89443-capture2.png
    Remark 1: If the Windows computer fails to communicate with a selected Domain Controller, it will try to contact another one according to the priority and weight assigned to the SRV records.
    Remark 2: If a Windows computer already has its AD site cached and would like to localize a new Domain Controller (Example: The current Domain Controller in use is no longer available) then it will start directly with Step number 7 (We refer to the steps shown in the previous figure)
    Remark 3: The Windows computer AD site is stored in the following registry entry: HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\DynamicSiteName
    89397-capture3.png

    Hope this information can help you
    Best wishes
    Vicky

    0 comments
  2. Vicky Wang 2,646 Reputation points
    2021-04-22T06:48:41.597+00:00

    Hi,

    How are things going? Could you please send me an update so that we can continue to work on this problem and resolve it ? Thanks for your help.

    Hope this information can help you
    Best wishes
    Vicky

    0 comments
  3. Vicky Wang 2,646 Reputation points
    2021-04-26T05:32:23.81+00:00

    Hi,

    I hope things are going well on your end. Since I have not heard from you, I assume you are quite busy and may not be able to make progress on this issue at this time. Based on this status of this case, I will go ahead to temporarily mark it as inactive at this time.

    Best wishes
    Vicky

    0 comments